bazarbackdoor | 8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3 | Triage

Submit
Reports

Overview

overview

Static

static

8e1c3d568c...e3.exe

windows7_x64

7

8e1c3d568c...e3.exe

windows10-2004_x64

7

Sharing

General

Target

8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
Size

5.5MB
Sample

220427-rwhxzsdcbm
MD5

7f89ecf28ac7a0c7456423e4785fa4ec
SHA1

52f787a318332bb5254302151c3915e067c7699f
SHA256

8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
SHA512

8ac25a9d2848d5790a8524aaa0fbac70006371ec743d58ced75b8b18af3e047f21e858cb4e21dde6e9346c49b93bb91c110bac07e8ca749160770df877d6c4e9

Score

10^/10

bazarbackdoor pyinstaller spyware stealer

Static task

static1

pyinstaller bazarbackdoor

Behavioral task

behavioral1

Sample

8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3.exe

Resource

win7-20220414-en

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3.exe

Resource

win10v2004-20220414-en

spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
- Size
  
  5.5MB
- MD5
  
  7f89ecf28ac7a0c7456423e4785fa4ec
- SHA1
  
  52f787a318332bb5254302151c3915e067c7699f
- SHA256
  
  8e1c3d568cc5c033db5d8e8ec761611e477660928d35b63224a8d57990ce39e3
- SHA512
  
  8ac25a9d2848d5790a8524aaa0fbac70006371ec743d58ced75b8b18af3e047f21e858cb4e21dde6e9346c49b93bb91c110bac07e8ca749160770df877d6c4e9
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

pyinstallerbazarbackdoor

behavioral1

behavioral2

© 2018-2024

Terms | Privacy